Vulnerabilites related to cisco - security_agent
Vulnerability from fkie_nvd
Published
2006-10-26 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 4.5 | |
| cisco | security_agent | 4.5.1 | |
| cisco | security_agent | 4.5.1.639 | |
| cisco | security_agent | 5.0 | |
| cisco | unified_callmanager | 5.0\(1\) | |
| cisco | unified_callmanager | 5.0\(2\) | |
| cisco | unified_callmanager | 5.0\(3\) | |
| cisco | unified_callmanager | 5.0\(3a\) | |
| cisco | unified_callmanager | 5.0\(4\) | |
| cisco | unified_presence_server | 1.0 | |
| cisco | unified_presence_server | 1.0\(2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5562E755-E4A3-4656-859A-40757012BE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A1657D-BBC9-4CF5-8F5A-486FAC8B9489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.639:*:*:*:*:*:*:*",
"matchCriteriaId": "14F08C40-7A58-4B0B-A3A1-6F23DB113F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9211420-9F35-4872-879A-5F7CA29C6299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BC32C417-3E61-4892-9A42-C31C6D62F09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F897DA4-E313-45C8-A4FB-52404D6541BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options."
},
{
"lang": "es",
"value": "Cisco Security Agent (CSA) para Linux 4.5 anteriores a 4.5.1.657 y 5.0 anteriores a 5.0.0.193, tal y como se usan en Unified CallManager (CUCM) y Unified Presence Server (CUPS), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (resource consumption) mediante una exploraci\u00f3n de puertos con opciones concretas."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product updates:\r\nCisco, Unified CallManager, 5.0(4)\r\nCisco, Unified CallManager, 5.0(4a) with CSA COP upgrade\r\nCisco, Unified Presence Server, 1.0(2) with CSA COP upgrade\r\nCisco, Security Agent, 5.0.193\r\nCisco, Security Agent, 4.5.1.657\r\nCisco, Security Agent, 5.1",
"id": "CVE-2006-5553",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-26T17:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22574"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017118"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/30055"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20737"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4198"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/30055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-19 01:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 5.1 | |
| cisco | security_agent | 5.2 | |
| cisco | security_agent | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8805C68E-E152-4089-B74C-1B7703ECC064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
},
{
"lang": "es",
"value": "La consola de administraci\u00f3n (webagent.exe) en Cisco Security Agent v5.1, v5.2 y v6.0 antes de v6.0.2.145 permite a atacantes remotos crear ficheros arbitrarios y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de par\u00e1metros no especificados en una petici\u00f3n st_upload debidamente modificada."
}
],
"id": "CVE-2011-0364",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-19T01:00:02.337",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43383"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43393"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8095"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8197"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8205"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"source": "psirt@cisco.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8805C68E-E152-4089-B74C-1B7703ECC064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Management Center para Cisco Security Agents v6.0 permite a usuarios remotos autenticados leer ficheros de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0146",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.593",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/62443"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/38271"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5562E755-E4A3-4656-859A-40757012BE89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet."
},
{
"lang": "es",
"value": "Cisco Security Agent (CSA) 4.5 permite que atacantes remotos causen una denegaci\u00f3n de servicio (ca\u00edda del sistema) mediante un paquete IP manipulado."
}
],
"id": "CVE-2005-2280",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21344"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 5.2 | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Cisco Security Agent v5.2 anterior a v5.2.0.285, cuando se ejecuta sobre linux, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) a trav\u00e9s de \"series de paquetes TCP\"."
}
],
"evaluatorComment": "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml\r\n\r\nOnly Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability (the Windows version is not affected).\r\n\r\nThe Linux version of standalone agents are installed in the following products:\r\n\r\n * Cisco Unified Communications Manager (CallManager)\r\n * IPCC Express\r\n * IP Interactive Voice Response (IP IVR)\r\n * Cisco Unified Meeting Place\r\n * Cisco Personal Assistant (PA)\r\n * Cisco Unity Connection\r\n\r\nNote: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability. \"",
"id": "CVE-2010-0148",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.670",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/62445"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-15 01:46
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 2.1 | |
| cisco | security_agent | 3 | |
| cisco | security_agent | 4.0 | |
| cisco | security_agent | 4.0.1 | |
| cisco | security_agent | 4.0.2 | |
| cisco | security_agent | 4.0.3 | |
| cisco | security_agent | 4.0.3.728 | |
| cisco | security_agent | 4.5 | |
| cisco | security_agent | 4.5.1 | |
| cisco | security_agent | 4.5.1.639 | |
| cisco | security_agent | 4.5.1.657 | |
| cisco | security_agent | 4.5.1.659 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.0.0.201 | |
| cisco | security_agent | 5.0.193 | |
| cisco | security_agent | 5.1 | |
| cisco | security_agent | 5.1.79 | |
| cisco | security_agent | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31271A5A-61AE-486E-830B-FBDA557D802A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15A5A49-D0DF-4E65-A86E-7B71E7BF0273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1089218C-A480-49CF-A499-5ABDAD017B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA5B2E7-203D-4340-80C1-3CAF1A15A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "612862DD-0FEE-4FBE-8750-EFC7BA22E792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845D746E-3269-4E43-836B-486331EC14EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.3.728:*:*:*:*:*:*:*",
"matchCriteriaId": "90021BE3-85B4-46E5-BDC0-04A30B772063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5562E755-E4A3-4656-859A-40757012BE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A1657D-BBC9-4CF5-8F5A-486FAC8B9489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.639:*:*:*:*:*:*:*",
"matchCriteriaId": "14F08C40-7A58-4B0B-A3A1-6F23DB113F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.657:*:*:*:*:*:*:*",
"matchCriteriaId": "92BCC996-7C45-479D-8952-00B079604CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.659:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AEBD5B-2EFD-465E-8108-24AB0CEB0892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "7A691B7B-A8B1-41D5-A6F2-7521146F02AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0.193:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC93FD-9A77-49AD-86CB-414B041F52F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1.79:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1FE344-15E2-44B5-9346-253283CEBD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en un determinado controlador en Cisco Security Agent versiones 4.5.1 anteriores a 4.5.1.672, versiones 5.0 anteriores a 5.0.0.225, versiones 5.1 anteriores a 5.1.0.106, y versiones 5.2 anteriores a 5.2.0.238 en Windows, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un paquete SMB especialmente dise\u00f1ado en una sesi\u00f3n TCP en el puerto (1) 139 o (2) 445."
}
],
"id": "CVE-2007-5580",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-15T01:46:00.000",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/39521"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27947"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/3425"
},
{
"source": "psirt@cisco.com",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"source": "psirt@cisco.com",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"source": "psirt@cisco.com",
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4103"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, usan una Discretionary Access Control Lists (DACL) predeterminada y no segura para la interfaz gr\u00e1fica de usuario (GUI) de conexi\u00f3n cliente, lo que permite a usuarios locales alcanzar privilegios inyectando \"a thread under ConnectionClient.exe,\" tambi\u00e9n se conoce como CSCsg20558."
}
],
"id": "CVE-2007-1066",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33047"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un Trust Agent vulnerable) y el Meetinghouse AEGIS SecureConnect Client, no pierde los privilegios cuando es invocado el servicio de ayuda en la GUI del requirente, lo que permite a usuarios locales alcanzar privilegios, tambi\u00e9n se conoce como CSCsf14120."
}
],
"id": "CVE-2007-1064",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33049"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 5.1 | |
| cisco | security_agent | 5.2 | |
| cisco | security_agent | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8805C68E-E152-4089-B74C-1B7703ECC064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el Management Center para Cisco Security Agents v5.1 anterior a v5.1.0.117, v5.2 anterior a v5.2.0.296, y v6.0 anterior a v6.0.1.132, permite a usuarios autenticados remotamente ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0147",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.627",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/62444"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/38272"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-29 20:03
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 4.5.0 | |
| cisco | security_agent | 4.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77805E6E-F638-4EAA-A814-AA0D711190DC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A1657D-BBC9-4CF5-8F5A-486FAC8B9489",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software."
}
],
"id": "CVE-2005-3886",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-29T20:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17815"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/224"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015283"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15618"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 3 | |
| cisco | security_agent | 4.0 | |
| cisco | security_agent | 4.0.1 | |
| cisco | security_agent | 4.0.2 | |
| cisco | security_agent | 4.0.3 | |
| okena | stormwatch | 3.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15A5A49-D0DF-4E65-A86E-7B71E7BF0273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1089218C-A480-49CF-A499-5ABDAD017B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA5B2E7-203D-4340-80C1-3CAF1A15A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "612862DD-0FEE-4FBE-8750-EFC7BA22E792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845D746E-3269-4E43-836B-486331EC14EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:okena:stormwatch:3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBF27E6-425B-4B62-BAF4-AF46D2C38C0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
],
"id": "CVE-2004-1112",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
},
{
"lang": "es",
"value": "Los m\u00e9todos de autenticaci\u00f3n (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, y (10) FAST en Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent, (CSA) versiones 5.0 y 5.1 (cuando ha sido implementado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, almacena las credenciales de autenticaci\u00f3n transmitidas en archivos de registro de texto plano, lo que permite a usuarios locales obtener informaci\u00f3n confidencial por medio de la lectura de estos archivos, tambi\u00e9n se conoce como CSCsg34423."
}
],
"id": "CVE-2007-1068",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33046"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un agente de confianza vulnerable), y el Meetinghouse AEGIS SecureConnect Client, permiten a usuarios locales alcanzar privilegios SYSTEM por medio de vectores no especificados en el requiriente, tambi\u00e9n se conoce como CSCsf15836."
}
],
"id": "CVE-2007-1065",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33048"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.x | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F54068-B565-4938-8CE9-74B1877A2733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1:*:*:*:*:*:*:*",
"matchCriteriaId": "441F81AB-A72A-475F-8B61-D6A7CEA48363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido implementado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, no analizan apropiadamente los comandos, lo que permite a usuarios locales alcanzar privilegios por medio de vectores no especificados, tambi\u00e9n se conoce como CSCsh30624."
}
],
"id": "CVE-2007-1067",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33045"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-1064 (GCVE-0-2007-1064)
Vulnerability from cvelistv5
Published
2007-02-22 01:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"refsource": "OSVDB",
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1064",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0148 (GCVE-0-2010-0148)
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"refsource": "OSVDB",
"url": "http://osvdb.org/62445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0148",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2280 (GCVE-0-2005-2280)
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-08-07 22:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:48.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050713 Cisco Security Agent Vulnerable to Crafted IP Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml"
},
{
"name": "csa-ip-dos(21344)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050713 Cisco Security Agent Vulnerable to Crafted IP Attack",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml"
},
{
"name": "csa-ip-dos(21344)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050713 Cisco Security Agent Vulnerable to Crafted IP Attack",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml"
},
{
"name": "csa-ip-dos(21344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2280",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-07T22:22:48.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1067 (GCVE-0-2007-1067)
Vulnerability from cvelistv5
Published
2007-02-22 01:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"refsource": "OSVDB",
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1067",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1068 (GCVE-0-2007-1068)
Vulnerability from cvelistv5
Published
2007-02-22 01:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"refsource": "OSVDB",
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1068",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5553 (GCVE-0-2006-5553)
Vulnerability from cvelistv5
Published
2006-10-26 17:00
Modified
2024-08-07 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017118"
},
{
"name": "20737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20737"
},
{
"name": "csa-port-scan-dos(29829)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829"
},
{
"name": "30055",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30055"
},
{
"name": "20061025 Cisco Security Agent for Linux Port Scan Denial of Service",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml"
},
{
"name": "ADV-2006-4198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4198"
},
{
"name": "22574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017118",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017118"
},
{
"name": "20737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20737"
},
{
"name": "csa-port-scan-dos(29829)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829"
},
{
"name": "30055",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30055"
},
{
"name": "20061025 Cisco Security Agent for Linux Port Scan Denial of Service",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml"
},
{
"name": "ADV-2006-4198",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4198"
},
{
"name": "22574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017118",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017118"
},
{
"name": "20737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20737"
},
{
"name": "csa-port-scan-dos(29829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29829"
},
{
"name": "30055",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30055"
},
{
"name": "20061025 Cisco Security Agent for Linux Port Scan Denial of Service",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807693c7.shtml"
},
{
"name": "ADV-2006-4198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4198"
},
{
"name": "22574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5553",
"datePublished": "2006-10-26T17:00:00",
"dateReserved": "2006-10-26T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1066 (GCVE-0-2007-1066)
Vulnerability from cvelistv5
Published
2007-02-22 01:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"refsource": "OSVDB",
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1066",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1112 (GCVE-0-2004-1112)
Vulnerability from cvelistv5
Published
2004-12-01 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1112",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0364 (GCVE-0-2011-0364)
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8197",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "8197",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8197",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-088",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-0364",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-01-07T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0147 (GCVE-0-2010-0147)
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"refsource": "OSVDB",
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0147",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5580 (GCVE-0-2007-5580)
Vulnerability from cvelistv5
Published
2007-12-15 01:00
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "3425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2007-5580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3425",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"refsource": "OSVDB",
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0702.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2007-5580",
"datePublished": "2007-12-15T01:00:00",
"dateReserved": "2007-10-19T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1065 (GCVE-0-2007-1065)
Vulnerability from cvelistv5
Published
2007-02-22 01:00
Modified
2024-08-07 12:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"refsource": "OSVDB",
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1065",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3886 (GCVE-0-2005-3886)
Vulnerability from cvelistv5
Published
2005-11-29 20:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051129 Cisco Security Agent Vulnerable to Privilege Escalation",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml"
},
{
"name": "ADV-2005-2655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2655"
},
{
"name": "17815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17815"
},
{
"name": "1015283",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015283"
},
{
"name": "15618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15618"
},
{
"name": "224",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-08T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051129 Cisco Security Agent Vulnerable to Privilege Escalation",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml"
},
{
"name": "ADV-2005-2655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2655"
},
{
"name": "17815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17815"
},
{
"name": "1015283",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015283"
},
{
"name": "15618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15618"
},
{
"name": "224",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051129 Cisco Security Agent Vulnerable to Privilege Escalation",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml"
},
{
"name": "ADV-2005-2655",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2655"
},
{
"name": "17815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17815"
},
{
"name": "1015283",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015283"
},
{
"name": "15618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15618"
},
{
"name": "224",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3886",
"datePublished": "2005-11-29T20:00:00",
"dateReserved": "2005-11-29T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0146 (GCVE-0-2010-0146)
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "62443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62443",
"refsource": "OSVDB",
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0146",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}